Google says that it removed the ads and took action against associate accounts.
Company added that it sees bad actors working on a larger scale and with more sophistication to evade detection.
Good chance we'll see more of this
| website | https://www.bleepingcomputer.com/author/ionut-ilascu/ |
| twitter | twitter.com/Ionut_Ilascu |
AI taking control of the systems
Incredible what DNS data can help uncover.
Short link service for crims registered up to 75,000 domains since April 2023.
Operation active for at least 4 years helped deliver phishing, scams, and malware.
In one day, they registered close to 800 domains; the daily average since May is 43 domains.
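One way to surface a registration spike like the one described in the post above, as an added example that is not part of the original post or of the research it summarizes: bucket domain-registration records by day, compare each day against the mean of the other days, and flag the outliers. The records and the 5x threshold are constructed assumptions, not real data.

```python
"""Flag bursts of domain registrations in (domain, registration_date) records.

Added example, not from the original post. The sample records and the
burst threshold are constructed for illustration.
"""
from collections import Counter
from datetime import date, timedelta
from statistics import mean

# Constructed sample: 40 registrations per day across May 2023, plus a
# single-day burst of 800 on 2023-05-15. These are not real domains.
SAMPLE_RECORDS = (
    [(f"lnk{i}.example", date(2023, 5, 1) + timedelta(days=i % 30)) for i in range(1200)]
    + [(f"burst{i}.example", date(2023, 5, 15)) for i in range(800)]
)


def daily_counts(records):
    """Count registrations per calendar day."""
    return Counter(reg_date for _, reg_date in records)


def daily_average(records, since):
    """Average registrations per day from `since` through the last observed day."""
    counts = daily_counts(records)
    days = [d for d in counts if d >= since]
    if not days:
        return 0.0
    span = (max(days) - since).days + 1
    return sum(counts[d] for d in days) / span


def flag_bursts(records, factor=5.0):
    """Return (day, count, baseline) for days whose count exceeds factor x
    the mean of every other day. Comparing against the other days keeps the
    burst itself from inflating the baseline it is measured against."""
    counts = daily_counts(records)
    flagged = []
    for day, n in sorted(counts.items()):
        others = [c for d, c in counts.items() if d != day]
        baseline = mean(others) if others else 0.0
        if baseline and n > factor * baseline:
            flagged.append((day, n, round(baseline, 1)))
    return flagged


if __name__ == "__main__":
    print("avg/day since 2023-05-01:", round(daily_average(SAMPLE_RECORDS, date(2023, 5, 1)), 1))
    for day, n, baseline in flag_bursts(SAMPLE_RECORDS):
        print(f"burst on {day}: {n} registrations vs ~{baseline}/day elsewhere")
```

Against real passive-DNS or WHOIS exports the same two functions apply unchanged; the interesting follow-up is pivoting from a flagged day to the registrant, nameservers, or IP ranges shared by that day's domains.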
Exploit code is publicly available for CVE-2023-20198, a maximum-severity vulnerability in Cisco IOS XE that allows an attacker to bypass authentication and create a new user with level 15 privileges.
Cisco IOS XE devices at many telecommunications and internet service providers have been hacked and the threat actor has been running commands for reconnaissance purposes.
Hunting for traces of an Octo Tempest intrusion is difficult because the hackers combine advanced social engineering with living-off-the-land tools and techniques.
Behind the attacks are technically adept individuals and hands-on-keyboard operators.
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, aka Scattered Spider, that targets companies in data extortion and ransomware attacks.
Before you head out for the weekend, read today's Metacurity for the top infosec developments you should know.
Lead items via @tila @serghei @SuzanneSmalley @jgreig @chrismvasq @mehtology, others
https://metacurity.substack.com/p/hackers-claim-six-terabyte-data-theft
CISA shares detection methods and TTPs after hackers breached a critical infrastructure org in the U.S. by exploiting CVE-2023-3519, the most severe (9.8/10) recently disclosed remote code execution bug in NetScaler ADC & Gateway.
The vuln was leveraged as an 0day in June.
The ShadowServer Foundation says there are ~15,000 NetScaler ADC and Gateway servers exposed online vulnerable to CVE-2023-3519.
Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.
Technical details are now available for a recently patched high-severity vuln in Citrix ADC and Gateway > CVE-2023-3467
Researchers at Resillion, credited for the find, explain how the issue could be exploited to achieve root-level privileges.
https://www.resillion.com/escalating-privileges-in-citrix-adc/
Part of Citrix’s solution line-up, Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing solution. In March 2023, two of Resillion’s ethical hackers (Jorren Geurts & Wouter Rijkbost) identified a vulnerability within Citrix ADC that allowed anyone with access to the management interface to escalate their privileges up to root. Essentially giving […]